From: nicolas.iooss@m4x.org (Nicolas Iooss) Date: Sat, 12 Aug 2017 11:51:01 +0200 Subject: [refpolicy] [PATCH 1/1] corecommands: label dhcpcd hook scripts bin_t Message-ID: <20170812095101.10534-1-nicolas.iooss@m4x.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com dhcpcd executes scripts in /usr/lib/dhcpcd/: avc: denied { execute_no_trans } for pid=608 comm="dhcpcd" path="/usr/lib/dhcpcd/dhcpcd-run-hooks" dev="vda1" ino=406981 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:lib_t tclass=file permissive=1 --- policy/modules/kernel/corecommands.fc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc index d30445437fc2..ce4218fed6dd 100644 --- a/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc @@ -165,6 +165,8 @@ ifdef(`distro_gentoo',` /usr/lib/at-spi2-core(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/avahi/avahi-daemon-check-dns\.sh -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/ccache/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) +/usr/lib/dhcpcd/dhcpcd-hooks(/.*)? gen_context(system_u:object_r:bin_t,s0) +/usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/dovecot/.+ gen_context(system_u:object_r:bin_t,s0) /usr/lib/fence(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0) 
@@ -338,8 +340,6 @@ ifdef(`distro_gentoo', ` /usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/.*-.*-linux-gnu/binutils-bin(/.*)? gen_context(system_u:object_r:bin_t,s0) -/usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0) - /usr/lib/rcscripts/addons(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/rcscripts/sh(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/rcscripts/net\.modules\.d/helpers\.d/dhclient-.* -- gen_context(system_u:object_r:bin_t,s0) -- 2.14.1
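Review bot: in the first hunk (@@ -165,6 +165,8 @@), the added "/usr/lib/dhcpcd/dhcpcd-hooks(/.*)?" entry is not justified by the commit message, whose only denial is execute_no_trans on /usr/lib/dhcpcd/dhcpcd-run-hooks. The pattern has no file-type field, so it labels the dhcpcd-hooks directory and everything beneath it bin_t, while the run-hooks entry is restricted to regular files with "--". Please add a sentence, or the matching AVC, explaining why the hooks directory needs bin_t rather than staying lib_t. The hunk header also shows an ifdef(`distro_gentoo',` context line, so it is worth confirming that the insertion point at line 165 sits outside that block.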
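Review bot: in the second hunk (@@ -338,8 +340,6 @@), the removed "/usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0)" line is identical to the one added in the first hunk, so this rule is moved rather than newly introduced, yet the subject and message read as if the label were new. Suggest stating in the commit message that the existing entry under the ifdef(`distro_gentoo', ` context is relocated next to the other /usr/lib entries, and that only the dhcpcd-hooks line is a new label.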